Summary

Overview

Work History

Education

Skills

Certification

Memberships Organizations

Accomplishments

Affiliations

Timeline

Elizabeth L. Fokes

Information Security Risk Management, GRC

Augusta,GA

Summary

Experienced information security and GRC analyst with a background in business, customer service, relations, legal support, and IT. Over 20 years of industry experience, including 10 years in information security and risk management. Dedicated to aligning security architecture plans and processes with security standards and business objectives. Expertise in developing and testing security frameworks for cloud-based software, ensuring robust network defense strategies.

Overview

years of professional experience

Certifications

Work History

Software Security Analyst, ISRM

McKesson

04.2024 - Current

Conducted Security Reviews for HIPAA and Annual assessments
Risk level determination, remediation notification
Issues Management, Triage, Treatment

Senior Compliance Analyst, GRC

Macy’s, Inc.

08.2021 - 01.2024

Risk Analysis and threat level determination for internal, third-party, and renewal assessments
Lead weekly Security Council meetings (members consisted of Attorney, Privacy, PCI, AI, Architecture, and other Business Principals), Mentored, Created SOPs, all routine documentation templates, Runbooks, and 3 levels of SIGs
Presentations: Quarterly Risk level charting, documentation, Heat Mapping
Participated in OneTrust Implementation meetings, UAT testing, enhancements, problem resolution, OneTrust Certified Expert
Consistent partner with Legal, Procurement, PCI, Architecture, Privacy, Business Stakeholders

Information Security Analyst

FalconTek SDVOSB GovCon Services Firm

03.2021 - 06.2021

Contract position at MARTA for GRC team
Technical Writing – GRC Policy Updates; Participation in GRC Risk meetings
Information Security SME

Third Party Security Analyst

Hays IT

07.2019 - 12.2019

Contract position at WestRock for Third Party Security Management team
Conducted 196 security reviews to assess vendors’ postures to identify risks, metric collection
Communicated with vendors, procurement, legal, and networking teams regarding security status and requirements
Projects: Developed Auditing and remediation tracking processes, Service Now UAT
Consistent documentation in ServiceNow, adding/editing users in ServiceNow, creation of templates to assist with ISQ review and ISA scoping; technical writing; crafting of Remediation and Auditing Policies

Vendor Security Risk Management

Anthem

07.2017 - 06.2019

Managed 43+ 3rd party in depth risk assessments per annum to determine potential HIPAA, HITRUST, and WISP related security risks to Anthem network
Presentations: Risk PowerPoint slides and supporting technical documentation
Created new processes, procedures, and policies for constantly evolving VSRM program (complete revamps); Determined remediation plans, setting timelines and tracking
Security risk determination, reporting, monitoring; 20+ Archer implementation projects
Outreach to external C-Suite executives regarding assessments, remediation recommendations
SME on VSRM program, Information Security best practices and latest related news, WISP, HIPAA and HITRUST; Member of high-performance team

Information Security Consultant

MDI Group

04.2017 - 06.2017

Technical Writing – Vulnerability Testing Reports; Use of CVSS
Considered the best penetration testing report writer CTO has worked with
Conducted vulnerability research and wrote remediation recommendations for 3rd party risk assessments

Jr. Security Administrator

Datalex, Inc.

10.2016 - 04.2017

PCI-DSS 3.2 developed cadence, Policies, Procedures, Processes; Technical documentation
Daily Security logging, administration of security controls on Linux systems
Weekly Burp Suite scanning and analysis review of scan reports

Information Security Consultant, and Implementation Specialist

EthicalHat, Inc.

05.2016 - 10.2016

Relationship development and presales with SMBs, Fortune 50 companies in the financial, media, and medical sectors for potential contract valuation of $4M+ involving DLP, endpoint protection, Managed services, development of SOC/NOC, and information security consulting
PCI DSS 3.2 Compliance consultation; Process creation for core business functions
Extensive content creation: all products and services, company blog, white papers, customized sales documents, RFPS, Technical Documents & Presentations; security researcher
Trained other employees regarding information security concepts, social media marketing, SEO, and content development

Education

Master of Science - Information Technology

Southern Polytechnic State University

Marietta, GA

Master Certificate - Information Security and Assurance

Southern Polytechnic State University

Marietta, GA

Bachelor of Arts - International History

Mercer University Atlanta

Atlanta, GA

Associate of Applied Science - Networking Administration

North Georgia Technical College

Clarkesville, GA

Skills

Certified Information Systems Security Professional

Certified Information Security Manager

OneTrust Certified Privacy Professional

OneTrust Certified GRC Professional

Women in Leadership

Led IT Teams

Office Administration

HIPAA Compliance

HITRUST Compliance Knowledge

NIST CSF Compliance Knowledge

NIST 800-53 Compliance

PCI DSS Standards Knowledge

Windows Server 2008 Management

ServiceNow Administration Skills

Incident Response Management

Incident Security Analysis

Incident Notification Management

Incident Response Management

Threat Management Strategy

Risk Analysis

Comprehensive Risk Analysis

Social Engineering Prevention Strategies

Risk Reduction Strategies

Formulating Security Protocols

Certification

CISSP (656516)

Memberships Organizations

GA ISSA
ISACA
(ISC)2

Accomplishments

Published author, ACM

Steve Case Award

Affiliations

Association for Computing Machinery
Society of Women Engineers

Timeline

Software Security Analyst, ISRM

McKesson

04.2024 - Current

Senior Compliance Analyst, GRC

Macy’s, Inc.

08.2021 - 01.2024

Information Security Analyst

FalconTek SDVOSB GovCon Services Firm

03.2021 - 06.2021

Third Party Security Analyst

Hays IT

07.2019 - 12.2019

Vendor Security Risk Management

Anthem

07.2017 - 06.2019

Information Security Consultant

MDI Group

04.2017 - 06.2017

Jr. Security Administrator

Datalex, Inc.

10.2016 - 04.2017

Information Security Consultant, and Implementation Specialist

EthicalHat, Inc.

05.2016 - 10.2016

Master Certificate - Information Security and Assurance

Southern Polytechnic State University

Bachelor of Arts - International History

Mercer University Atlanta

Associate of Applied Science - Networking Administration

North Georgia Technical College

Master of Science - Information Technology

Southern Polytechnic State University

Elizabeth L. Fokes

Summary

Overview

Work History

Software Security Analyst, ISRM

Senior Compliance Analyst, GRC

Information Security Analyst

Third Party Security Analyst

Vendor Security Risk Management

Information Security Consultant

Jr. Security Administrator

Information Security Consultant, and Implementation Specialist

Education

Master of Science - Information Technology

Master Certificate - Information Security and Assurance

Bachelor of Arts - International History

Associate of Applied Science - Networking Administration

Skills

Certification

Memberships Organizations

Accomplishments

Affiliations

Timeline

Software Security Analyst, ISRM

Senior Compliance Analyst, GRC

Information Security Analyst

Third Party Security Analyst

Vendor Security Risk Management

Information Security Consultant

Jr. Security Administrator

Information Security Consultant, and Implementation Specialist

Master Certificate - Information Security and Assurance

Bachelor of Arts - International History

Associate of Applied Science - Networking Administration

Master of Science - Information Technology

Similar Profiles

Arthur BaylorArthur Baylor

Flora E. WilliamsFlora E. Williams

Kosi NwambuonworKosi Nwambuonwor

Joseph ZappavignaJoseph Zappavigna